1. Field of the Invention
The present invention generally relates to data encryption and, more particularly, to methods and apparatus for updating parameters used for encryption, such as version control parameters.
2. Description of the Related Art
A system on a chip (SOC) generally includes one or more integrated processor cores, some type of embedded memory, such as a cache shared between the processor cores, and peripheral interfaces, such as memory control components and external bus interfaces, on a single chip to form a complete (or nearly complete) system. The use of cache memory hierarchies is well established to improve processor performance by reducing and/or eliminating read access requests to external main memory.
As part of an enhanced security feature, some SOCs encrypt some portions of data prior to storing it in external memory. Adding such encryption to an SOC may add valuable benefits, such as preventing a hacker from obtaining instructions of a copyrighted program, such as a video game, or data that may be used to determine such instructions through reverse engineering. When the encrypted data is subsequently retrieved from external memory, it must first be decrypted before it can be used by the processor cores.
The encryption is typically carried out with the use of one or more encryption keys generated, in some way, based on a master key. Often the master key is unique to the device, in an effort to ensure no two devices perform encryption in the exact same way. In some cases, a security version parameter (hereinafter, simply the version) maintained on the system may be used in combination with the encryption, in an effort to provide some degree of flexibility regarding how and on what encryption is performed. A current version may reflect a current state of privileges a user has, in effect, determining what content the user may access. As an example, in a gaming system, a user may purchase and download a new game. As part of the process of installing the new game on the system, the version may be updated and used to encrypt the game program, with the game, in encrypted form, marked as having been encrypted using the updated version. Upon loading the game, system validation logic may compare the current version of the system against the version used to encrypt the game to verify the system is authorized to run the game. If the versions match, the game will be decrypted and allowed to run; otherwise it will not.
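The version check described above can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 key derivation, the toy stream cipher standing in for the SOC's encryption engine, the blob layout and all function names are assumptions. It shows why deriving the keys from both the master key and the version matters: editing the version marker on a stored image does not make it loadable.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32    # HMAC-SHA256 tag
NONCE_LEN = 16  # per-image nonce so the keystream is never reused

def derive_key(master_key: bytes, version: int, label: bytes) -> bytes:
    """Assumed KDF: the page only says keys are derived 'in some way' from the master key."""
    return hmac.new(master_key, label + struct.pack(">I", version), hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC in counter mode); a stand-in for the hardware cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(master_key: bytes, version: int, program: bytes) -> bytes:
    """Encrypt a program and mark it with the version used (hypothetical layout)."""
    header = struct.pack(">I", version) + os.urandom(NONCE_LEN)
    body = _xor_stream(derive_key(master_key, version, b"enc"), header[4:], program)
    tag = hmac.new(derive_key(master_key, version, b"mac"), header + body, hashlib.sha256).digest()
    return header + body + tag

def load(master_key: bytes, current_version: int, blob: bytes):
    """Return the decrypted program, or None if the system may not run it."""
    if len(blob) < 4 + NONCE_LEN + TAG_LEN:
        return None
    header, body, tag = blob[:4 + NONCE_LEN], blob[4 + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    (marked_version,) = struct.unpack(">I", header[:4])
    if marked_version != current_version:
        return None  # validation logic: versions do not match
    mac_key = derive_key(master_key, current_version, b"mac")
    if not hmac.compare_digest(tag, hmac.new(mac_key, header + body, hashlib.sha256).digest()):
        return None  # marker was edited, or image was sealed on another device
    return _xor_stream(derive_key(master_key, current_version, b"enc"), header[4:], body)
```
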
In conventional systems, master key and version data are often stored in battery-backed registers or external nonvolatile storage, such as battery-backed non-volatile random access memory (NVRAM). Unfortunately, batteries are expensive and the reliance on batteries introduces complexity as designers must deal with the possibility of having to restore values in the event battery voltage is lost. Further, storing master key and version data in external memory invites attacks by hackers attempting to gain unauthorized access. To combat this, some systems utilize tamper detection hardware designed to notify the system in the event unauthorized access is detected, which also increases system cost.
Accordingly, what is needed is a mechanism for storing master key and version information that does not require batteries. Preferably, such a mechanism would allow master key and version information to be maintained internal to a device, such as an SOC, implementing security.